🗞️ EBSA Pivots: Cybersecurity and Mental Health Top 2026 Enforcement Agenda
DOL's Employee Benefits Security Administration overhauled enforcement priorities for 2026, elevating cybersecurity and mental health access while dropping ESOPs and reducing missing participant focus.
The U.S. Department of Labor's Employee Benefits Security Administration announced significant changes to its national enforcement projects for fiscal year 2026, marking what officials describe as the most substantial overhaul in recent years. Under the leadership of newly confirmed Assistant Secretary Daniel Aronowitz, EBSA will prioritize cybersecurity threats, barriers to mental health and substance use disorder benefits, protecting benefit distributions, retirement asset management, surprise billing enforcement, and criminal abuse of contributory benefit plans.
The restructuring reflects a strategic shift toward what Deputy Secretary Keith Sonderling characterized as an "even-handed, responsive approach" focused on producing optimal results for workers, retirees, and their families. EBSA oversees protections for more than 156 million individuals covered by approximately 2.6 million health plans, 801,000 private retirement plans, and 514,000 welfare benefit plans, collectively holding roughly $13.8 trillion in assets.
Notably absent from the 2026 priority list are Employee Stock Ownership Plans, which EBSA removed following years of criticism from the ESOP community about aggressive enforcement tactics. The agency also announced reduced emphasis on missing participant investigations, citing the establishment of the Retirement Savings Lost and Found Database mandated by the SECURE 2.0 Act of 2022 as mitigating the urgency of such inquiries.
Cybersecurity emerged as the top enforcement priority following updated guidance in September 2024 clarifying that all employee benefit plans are subject to cybersecurity requirements. High-profile litigation involving participant losses—including cases where individuals lost hundreds of thousands of dollars to fraudsters—underscores the severity of cybersecurity vulnerabilities in retirement systems.
Mental health and substance use disorder benefits enforcement continues despite the Trump administration's decision not to enforce the September 2024 mental health parity regulations. EBSA stated it will focus on serious violations preventing access to benefits, including burdensome claims processes, unjustified treatment exclusions, unreasonable care limits, and incorrect provider directories. The Mental Health Parity and Addiction Equity Act and its 2013 regulations remain in effect as enforcement priorities.
The No Surprises Act implementation also features prominently, with House Republicans having specifically urged EBSA to enforce consumer protections against surprise medical bills.
Assistant Secretary Aronowitz, who brings 30 years of experience in fiduciary liability insurance, pledged during his confirmation hearing to end "open-ended investigations that go on for years" and the "regulatory abuse of common-interest agreements with plaintiff lawyers." He emphasized that enforcement will be "fair, even-handed, and efficient," urging plans and service providers to respond promptly to agency requests to facilitate timely resolution.
Key Points
- Top Enforcement Priorities: Cybersecurity, mental health access barriers, benefit distributions, retirement asset management, surprise billing, and criminal abuse of contributory plans
- Major Removals: ESOPs dropped from national enforcement project list; missing participant focus reduced following Lost and Found database launch
- Leadership Change: Daniel Aronowitz, former fiduciary liability insurance executive, confirmed as Assistant Secretary after pledging to "end the war on ESOPs"
- Cybersecurity Focus: Updated September 2024 guidance clarified all employee benefit plans subject to cybersecurity requirements; high-profile fraud cases driving enforcement
- Mental Health Enforcement: Continues despite 2024 parity rule non-enforcement; focuses on access barriers, burdensome processes, and provider directory accuracy
- SECURE 2.0 Impact: Retirement Savings Lost and Found Database reduces need for aggressive missing participant enforcement efforts
- Scope: EBSA oversees 156+ million participants, 2.6 million health plans, 801,000 retirement plans, holding $13.8 trillion in assets
Primary Source Author: U.S. Department of Labor
Primary Source: US Department of Labor's Employee Benefits Security Administration Updates National Enforcement Projects for Employee Benefit Plans
Primary Source Link: https://www.dol.gov/newsroom/releases/ebsa/ebsa20260115
Supplemental Links:
- https://www.planadviser.com/daniel-aronowitz-confirmed-to-lead-dols-ebsa/
- https://lostandfound.dol.gov/
- https://www.dol.gov/agencies/ebsa/laws-and-regulations/laws/mental-health-and-substance-use-disorder-parity
- https://www.dol.gov/agencies/ebsa/laws-and-regulations/laws/no-surprises-act
- https://www.menke.com/esop-archives/ebsa-ends-the-war-on-esops/
- https://www.napa-net.org/news/2026/1/ebsa-announces-shift-in-enforcement-priorities-for-fy-2026/
- https://www.federalregister.gov/documents/2024/11/20/2024-27098/retirement-savings-lost-and-found
